From f45cc326fc1958a24ac52acc8d8e77cd386efbe4 Mon Sep 17 00:00:00 2001
From: Chad
Date: Tue, 17 Oct 2023 04:35:57 -0700
Subject: [PATCH] Fixes and Enhancements (#16)
* Add more instructions after successfully creating a new subdomain.
* Update the container name.
* Add a just-in-case step.
* Add an alias and improve comments.
* Fix manage path.
* Add limits but no reservations for PP. Start off somewhat relaxed rather than strict.
* Always restart PP containers.
* Move URL to env file. Do not recommend using HTTPS in the value.
* Format comments.
* Put commands in shells so they cannot exit the full program.
* Updating apps like this did not seem to be working, but also do not want it to work anymore.
---
 Config/Nextcloud/cron.sh | 7 ++++---
 Config/PhotoPrism/docker-compose.yml | 21 +++++++++++++++----
 Config/PhotoPrism/env.example | 6 ++++++
 Config/ReverseProxy/README.md | 9 ++++++++
 .../ReverseProxy/create_letsencrypt_certs.sh | 6 +++---
 source.env | 8 +++++++
 6 files changed, 47 insertions(+), 10 deletions(-)
diff --git a/Config/Nextcloud/cron.sh b/Config/Nextcloud/cron.sh
index 9de1654..1f4e717 100755
--- a/Config/Nextcloud/cron.sh
+++ b/Config/Nextcloud/cron.sh
@@ -12,10 +12,11 @@ if (( $RUNNING > 0 )); then
 fi
 # 2023-08-25 From crontab.
-docker exec -u www-data nc-app php cron.php --define apc.enable_cli=1
+sh -c "docker exec -u www-data nc-app php cron.php --define apc.enable_cli=1"
 # 2023-08-25 From fixes.sh, keep ownership correct and apps up to date.
-docker exec -it nc-app chown -Rc www-data:www-data .
-docker exec -itu www-data nc-app ./occ app:update --all
+sh -c "docker exec -it nc-app chown -Rc www-data:www-data ."
+# No longer update apps in advance of NC updates, allow the upgrade process to do it.
+#sh -c "docker exec -itu www-data nc-app ./occ app:update --all"
 exit 0
diff --git a/Config/PhotoPrism/docker-compose.yml b/Config/PhotoPrism/docker-compose.yml
index 0f2045f..18a6172 100644
--- a/Config/PhotoPrism/docker-compose.yml
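Review bot: Wrapping each `docker exec` in `sh -c "…"` does not stop a failure from ending the script, because `sh -c` exits with the inner command's status; if cron.sh runs under `set -e` (not visible in this hunk) the outer script still aborts, and without `set -e` the wrapper changes nothing. The `-it` flags on the chown line will also fail under cron, where no TTY is attached, so that line likely never runs at all. I would drop the wrapper and the TTY flags and make the tolerance explicit: `docker exec nc-app chown -Rc www-data:www-data . || echo "WARN: chown in nc-app failed" >&2`. The `if … fi` that closes at the top of the hunk begins before it.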
+++ b/Config/PhotoPrism/docker-compose.yml
@@ -28,7 +28,6 @@
 #
 # CLI Commands:
 # - https://docs.photoprism.app/getting-started/docker-compose/#command-line-interface
-#
 ##
 ##
@@ -45,7 +44,8 @@ services:
 ## Don't enable automatic restarts until PhotoPrism has been properly configured and tested!
 ## If the service gets stuck in a restart loop, this points to a memory, filesystem, network, or database issue:
 ## https://docs.photoprism.app/getting-started/troubleshooting/#fatal-server-errors
- # restart: unless-stopped
+ #restart: unless-stopped
+ restart: always
 stop_grace_period: 10s
 depends_on:
 - pp-db
@@ -58,7 +58,7 @@ services:
 PHOTOPRISM_ADMIN_USER: $PHOTOPRISM_ADMIN_USER # admin login username
 PHOTOPRISM_ADMIN_PASSWORD: $PHOTOPRISM_ADMIN_PASSWORD # initial admin password (8-72 characters)
 PHOTOPRISM_AUTH_MODE: "password" # authentication mode (public, password)
- PHOTOPRISM_SITE_URL: "http://localhost:2342/" # server URL in the format "http(s)://domain.name(:port)/(path)"
+ PHOTOPRISM_SITE_URL: $PHOTOPRISM_SITE_URL # server URL in the format "http(s)://domain.name(:port)/(path)"
 PHOTOPRISM_DISABLE_TLS: "false" # disables HTTPS/TLS even if the site URL starts with https:// and a certificate is available
 PHOTOPRISM_DEFAULT_TLS: "true" # defaults to a self-signed HTTPS/TLS certificate if no other certificate is available
 PHOTOPRISM_ORIGINALS_LIMIT: $PHOTOPRISM_ORIGINALS_LIMIT # file size limit for originals in MB (increase for high-res video)
@@ -119,6 +119,12 @@ services:
 # *Optional* base folder from which files can be imported to originals
 # Importing reorganizes files+folders, would rather they remain intact.
 #- "../../Volumes/PhotoPrism/imports_go_here:/photoprism/import"
+ deploy:
+ mode: global
+ resources:
+ limits:
+ cpus: '2.00'
+ memory: 2G
 ## Database Server (recommended)
 ## see https://docs.photoprism.app/getting-started/faq/#should-i-use-sqlite-mariadb-or-mysql
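Review bot: `restart: always` on the PhotoPrism service sits directly under the retained warning not to enable automatic restarts until the instance is configured and tested, and `always` differs from `unless-stopped` in that a container you stopped by hand is started again when the Docker daemon restarts, which is the opposite of what you want after stopping it to investigate a fault or a suspected compromise. If unattended recovery after reboot is the goal, `unless-stopped` gives that while honouring a manual `docker stop`; if `always` is deliberate, the warning comment should say so instead of contradicting the line below it. Suggested replacement for the two new lines: `restart: unless-stopped  # survives daemon restarts, honours a manual docker stop`.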
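Review bot: `deploy.mode: global` in the new `deploy:` block is a Swarm scheduling option and, as far as I know, is ignored by `docker compose up` outside Swarm, whereas `resources.limits` is honoured by Compose v2; the key is misleading and should be dropped unless this stack is deployed with `docker stack deploy`. A hard `memory: 2G` cap with no reservation also means an OOM kill during indexing becomes a restart loop under `restart: always`, which is exactly the symptom the troubleshooting link earlier in this file describes. I would note that trade-off above the block, e.g. `# Hard limits only, no reservations: an OOM kill shows up as a restart loop (see troubleshooting link above).`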
@@ -127,7 +133,8 @@ services:
 image: mariadb:10.11
 ## If MariaDB gets stuck in a restart loop, this points to a memory or filesystem issue:
 ## https://docs.photoprism.app/getting-started/troubleshooting/#fatal-server-errors
- restart: unless-stopped
+ #restart: unless-stopped
+ restart: always
 stop_grace_period: 5s
 security_opt: # see https://github.com/MariaDB/mariadb-docker/issues/434#issuecomment-1136151239
 - seccomp:unconfined
@@ -143,6 +150,12 @@ services:
 MARIADB_USER: $MARIADB_USER
 MARIADB_PASSWORD: $MARIADB_PASSWORD
 MARIADB_ROOT_PASSWORD: $MARIADB_ROOT_PASSWORD
+ deploy:
+ mode: global
+ resources:
+ limits:
+ cpus: '0.50'
+ memory: 512M
 # Configured but not using this, would prefer to update manually, and the
 # volume needs also seem sort of odd. Do not want it to harm other projects.
diff --git a/Config/PhotoPrism/env.example b/Config/PhotoPrism/env.example
index 3229362..b8ef176 100644
--- a/Config/PhotoPrism/env.example
+++ b/Config/PhotoPrism/env.example
@@ -7,6 +7,12 @@ PHOTOPRISM_ADMIN_USER = "admin" # admin login username
 PHOTOPRISM_ADMIN_PASSWORD = "PleaseChangeMe" # initial admin password (8-72 characters)
+# External FQDN
+# Should be in the format "http(s)://domain.name(:port)/(path)".
+# Seems to work best if you leave off the s if behind a revese proxy,
+# such as: PHOTOPRISM_SITE_URL = "http://photoprism.example.com"
+PHOTOPRISM_SITE_URL = "http://localhost:2342"
 # Max Storage Space?
 PHOTOPRISM_ORIGINALS_LIMIT = 5000 # file size limit for originals in MB (increase for high-res video)
diff --git a/Config/ReverseProxy/README.md b/Config/ReverseProxy/README.md
index 5080294..0a58732 100644
--- a/Config/ReverseProxy/README.md
+++ b/Config/ReverseProxy/README.md
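Review bot: The database service now pairs `restart: always` with the retained `security_opt: - seccomp:unconfined`, so the MariaDB container runs with no syscall filter and is brought back automatically even after a manual stop. As I recall, the linked mariadb-docker issue is about older Docker/libseccomp builds that lacked newer syscalls, which a current engine's default profile handles; please confirm whether the workaround is still needed on this host and remove the `security_opt` block if not. If it must stay, pin the reason so it is not carried forward indefinitely, e.g. `# seccomp:unconfined was required on Docker < (version, TODO confirm); drop after upgrading.`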
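Review bot: The new comment in env.example advises leaving the `s` off `PHOTOPRISM_SITE_URL` behind a reverse proxy, but per the compose-file comment this value is the server URL in `http(s)://…` form, which the app presumably uses for absolute links and redirects; telling it `http://` for a site actually served over HTTPS invites mixed-scheme URLs, so the advice should be hedged rather than recommended, and the scheme mismatch is more likely a proxy `X-Forwarded-Proto` problem than something to paper over here. The comment also misspells `revese`. Suggested wording: `# Use the public URL exactly as users reach it (https:// when TLS terminates at the proxy). If that misbehaves, check the proxy's X-Forwarded-* headers before falling back to http://.`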
@@ -72,3 +72,12 @@ If wanted as a one-line command:
 ```
 # docker compose down && docker compose build && docker compose up -d
 ```
+
+## Add New Config
+1. Modify your `./config/hosts/domain` file and add the resource.
+1. Create the `./config/conf.d/fqdn` file as needed, using the resource.
+1. (Optional) If the system needs a cert added, run the placeholder script.
+1. Restart the project based on Update Config above.
+1. (Optional) Now you may run the letsencrypt script for a real certificate.
+1. (Optional) Run another Update Config to make sure the certs are loaded.
+1. Done! If set up correctly the site should be live.
diff --git a/Config/ReverseProxy/create_letsencrypt_certs.sh b/Config/ReverseProxy/create_letsencrypt_certs.sh
index 8b4267d..6c87a7d 100755
--- a/Config/ReverseProxy/create_letsencrypt_certs.sh
+++ b/Config/ReverseProxy/create_letsencrypt_certs.sh
@@ -21,7 +21,7 @@ if [[ ! -d $CERT_DIR ]]; then
 fi
 # The container needs to be running in order to use the certbot command.
-certbot_running=`docker ps | grep -c reverseproxy-certbot-1`
+certbot_running=`docker ps | grep -c rp-certbot`
 if [[ $certbot_running != 1 ]]; then
 echo "ERROR: Certbot container does not appear to be running, cannot continue." >&2
 exit 1
@@ -85,12 +85,12 @@ grep -l proxy_pass $DIR/config/conf.d/*.* | while read file; do
 echo "Domains='$domains'"
 echo "Attempting to create certs at $CERT_DIR/$filename."
- docker exec reverseproxy-certbot-1 \
+ docker exec rp-certbot \
 certbot certonly -n --webroot $dry_run \
 -w /etc/letsencrypt --agree-tos -m $email -d $filename
 if [[ -z $dry_run ]]; then
- docker exec reverseproxy-certbot-1 \
+ docker exec rp-certbot \
 sh -c "cp -rL /etc/letsencrypt/live/$filename /etc/letsencrypt/nginx/"
 ls -lh $CERT_DIR/$filename/*
 fi
diff --git a/source.env b/source.env
index ceb7290..1cc6b3b 100755
--- a/source.env
+++ b/source.env
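Review bot: `docker ps | grep -c rp-certbot` is a substring match over the whole `docker ps` output, so any container whose name or image contains `rp-certbot` (a Compose-prefixed `rp-certbot-1`, for instance) also counts, and two matches make the `!= 1` test fail even though certbot is running. Asking the engine about the one container is unambiguous: `certbot_running=$(docker inspect -f '{{.State.Running}}' rp-certbot 2>/dev/null)` followed by `if [[ $certbot_running != true ]]; then`. The `if … fi` that closes at the top of this hunk begins before it.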
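Review bot: In the second hunk, `sh -c "cp -rL /etc/letsencrypt/live/$filename …"` splices `$filename` into a command string that is re-parsed by a shell inside the container, so a conf.d file name containing spaces or shell metacharacters breaks the copy or runs something else; `$email` and `$filename` are likewise unquoted on the `certbot certonly` line. Nothing in that command needs a shell, so run it directly and quote the expansions: `docker exec rp-certbot cp -rL "/etc/letsencrypt/live/$filename" /etc/letsencrypt/nginx/`, and `-m "$email" -d "$filename"` above it. The `while read file` loop this sits in starts before the hunk.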
@@ -12,12 +12,20 @@ if [[ "$DIR" == '.'* ]]; then
 cd "$RETURN"
 fi
+## Variables ##
+
 DOCKER_HOME="$DIR"
 DOCKER_PATH="$DOCKER_HOME/bin"
 PATH="$DOCKER_PATH:$PATH"
 export DOCKER_HOME DOCKER_PATH PATH
+## Aliases ##
+
+alias manage="$DOCKER_HOME/bin/manage.sh"
+## Validations ##
+
 if [[ -e $DOCKER_HOME/$PROG ]]; then
 echo "'$DOCKER_HOME/$PROG' has been loaded successfully."
 else
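Review bot: `alias manage="$DOCKER_HOME/bin/manage.sh"` expands `$DOCKER_HOME` when the file is sourced and embeds the result unquoted in the alias body, so a checkout path containing a space breaks every `manage` invocation, and it bypasses the `DOCKER_PATH` variable defined a few lines above. A shell function quotes the path correctly and forwards its arguments: `manage() { "$DOCKER_PATH/manage.sh" "$@"; }`. The `if … else` at the end of the hunk continues beyond it.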